IP Address

o IP = Internet Protocol
o They are assigned when a device joins a network to make them traceable.
o 2 Types - IPv4 & IPv6
o Your Router will have the internet visible IP address but will assign a private IP address to your computer and every other device on its network.
o If directly connected, your computer will have the internet visible IP address.


MAC Address

o MAC = Media Access Control
o It's the unique serial number assigned to every network adapter when manufactured.
o MAC addresses are typically used only to direct packets from one device to the next as data travels on a network.
o Can't be hidden but doesn't travel beyond the local network.


o A Switch transmits data among devices on a local network while a Router routes data among networks.
o Switches use MAC addresses while Routers use IP addresses.
o Routers are far more powerful and provide additional features such as firewall protection.

Ethernet

o A protocol that determines how data is transmitted in a Local Area Network (LAN).
o Technically referred to as IEEE 802.3 protocol.
o Used widely in offices, banks and in homes.
o Most laptops & PCs come with integrated ethernet cards.


Ethernet Process

o Device A wants to send data to Device B.
o Device A checks to see if the carrier (main wire connecting the devices) is free.
o If YES, device A sends the data packet on the network.
o Device B receives the packet.
o If NO, device A waits for some thousandths of a second and tries again.


HTTP

o Hypertext Transfer Protocol
o It defines how messages are formatted and transmitted over the web.
o It also determines what actions web servers and browsers should take in response to various commands.

HTTPS

o Hypertext Transfer Protocol Secure
o Communication between the web browser and web server is encrypted.
o A must for websites where sensitive info like passwords, credit card details are exchanged.
o Encryption is implemented by making use of TLS or SSL.

SSL

o Secure Sockets Layer
o Establishes an encrypted link between web server and browser.
o Your web server requires an SSL certificate to be installed.
o This certificate serves as proof that the website is secured with SSL but also has an expiry date.
o A browser connecting to your site will check to see if the certificate has expired before completing the connection.

TLS

o Transport Layer Security
o Successor to SSL
o More advanced and offers a higher degree of encryption and security.
o SSL & TLS are used interchangeably.


The Internet Protocol Suite

TCP/IP

o The conceptual model and set of communication protocols used on the internet.
o Provides end-to-end data communication specifying how data should be packetized, addressed, transmitted, routed and received.
o Responsible for data sent from a host to a destination (another host, network or internet) and vice versa.
o Commonly referred to as TCP/IP (the two foundational protocols):
  1. Transmission Control Protocol
  2. Internet Protocol

Divided into 4 main layers:

o Link Layer
o Internet Layer
o Transport Layer
o Application Layer

Link Layer

o The lowest layer in the TCP/IP architecture.
o Communication protocols that only operate on the link that a host is physically connected to.
o Sample protocols include:
  1. MAC
  2. Ethernet
  3. IEEE 802.11 (wifi)

Internet Layer

o Handles internetworking between networks.
o Is not responsible for a reliable transmission.
o Captures data packets and sends them to the appropriate transport layer protocol.
o Provides error detection and diagnostics.
o Sample protocols include:
  1. IP - IPv4 & IPv6
  2. ICMP - Internet Control Message Protocol used for error detection

Transport Layer

o Handles host to host communication.
o Is responsible for a reliable transmission.
o Handles flow control and prevents congestion.
o Core protocols include:
  1. TCP
  2. UDP

Application Layer

o Handles data exchange between applications.
o Make use of specific protocols in the layers beneath them.
o Sample protocols include:
  1. HTTP
  2. SSL
  3. FTP
  4. SMTP

DNS

o Domain Name System
o Translates domain names into IP addresses e.g www.alex.com = 101.43.192.45
o The phone book of the internet
The Internet - Privacy & Survival of the Paranoid

What is Privacy?

o The ability to protect valuable and sensitive information.
o Privacy ensures that personal information is collected, processed, used and destroyed in a legal and fair manner. E.g medical records.

What is Anonymity?

o Keeping a user's identity hidden.
o Actions carried out cannot be traced back to the user.
o Hacker's dream
o Can never be guaranteed.
Pseudonymity

o The near anonymous state where a user has a consistent identifier that is not their real name - pseudonym.
o In pseudonymous systems, the real identities are available to the administrators. E.g Hookup sites.

Pseudo-anonymity

o The appearance but not the reality of anonymity online.
o Enables anonymous posting without the need for an identifier e.g pseudonym.
o Users can still be traced through IP addresses and are generally required to provide some ID when signing up.
Identity Strategies

o Open
o Avoidance
o Persona
o Compartmentalization
o Selective/Custom

Open Strategy

o Authentic
o Can leave you vulnerable

Avoidance Strategy

o Deprives you of online benefits

Persona Strategy

o Vulnerable, Fake personality
o Very common with journalists, politicians


How We are Tracked Online

Canvas Fingerprinting

o Every device behaves in a unique manner when interacting with a web page.
o The action is invisible to the user and can be used to create a fingerprint for the device.
o The user can then be tracked using the fingerprint when the same device goes back online.
o This tracking technique is called canvas fingerprinting.
o The tracking script on the website visited will instruct your browser to draw an invisible image behind the scenes.
o Every device will draw such an image in a unique manner thus creating a special ID and fingerprint for each device.

o Cookie Syncing - Tracking companies share the information they have about you without your knowledge or approval.

Prevention

o Use a VPN
o Email Caution
o Clear Browser Cache
o Adjust Social Media Privacy Settings
o Turn off Location Tracking
Anonymizers, Proxies, Virtual Private Networks & Tor

Anonymizers

Anonymizer is the collective term for tools and software that are used to make activity on the Internet untraceable.

o Offers protection against hackers & identity theft.
o Provides privacy.
o Bypasses censorship allowing access to information.

Types of Anonymizers

o Single Point - Passes your surfing through a single point to protect your identity e.g proxy server.
o Networked - Transfers your communication through a network of computers e.g Tor

Proxy Servers

A proxy is a server that acts as an intermediary for requests made by clients seeking resources from web servers.

o Can provide you with a proxy IP address for defeating restrictions and censorship.
o Bypasses your ISP.
o Useful for torrents.

Things to Note

o Speed can be an issue.
o Reliability not a guarantee.
o Provides no encryption.
Virtual Private Network

(diagram: Computer - VPN Server - Internet)

A VPN is a solution that allows users to send and receive data while maintaining the secrecy of a private network.

o More powerful than a proxy server.
o Creates an encrypted tunnel that secures the traffic between the client and VPN server.
o In theory, VPN can provide optimal but not total privacy.
o Useful for accessing a firm's intranet while away.
Tor through VPN Connection - Pros

o Use of Tor is hidden from ISP.
o Tor entry node will not see your IP address but that of the VPN.
o Allows access to hidden Tor services / websites.

Tor through VPN Connection - Cons

o VPN provider knows your real IP address.
o Tor exit nodes are unencrypted and can be monitored.
o Tor exit nodes can be blocked.

VPN through Tor Connection - Pros

o Bypasses blocked exit nodes.
o VPN provider cannot see your real IP address.
o Protection from malicious exit nodes due to encrypted data entering and exiting Tor network.

VPN through Tor Connection - Cons

o VPN providers can see your traffic.
o More susceptible to end-to-end timing attacks.

o VPN through Tor connection provides true anonymity and is more secure.


Malware, Viruses, Rootkits, Ransomware & Attacks

Malware

o Malware is the collective term for all malicious software & programs.
o No all-in-one solution.

Malware Family

o Viruses - Replicate themselves by contaminating legit programs with their own code.
o Worms - Self replicate and spread themselves through a network.
o Trojans - Pretend to be real programs e.g games. Do not inject themselves into other programs.
o Rootkits - Provide access to unauthorized areas. Extremely hard to detect and eradicate.
o Ransomware - Blocks access to data until a ransom is paid.
o Exploits - Take advantage of bugs and vulnerabilities.


Viruses

o Viruses typically attach themselves to executable files and Word documents.
o They spread via email attachments, infected websites and flash drives.
o A virus will remain dormant until the infected file or system is activated.
o Once activated, the virus causes destruction.

Worms

o Worms enter systems via network connection or a downloaded file.
o They then make copies of themselves and can spread via a network / internet connection.

Fight Against Viruses & Worms

o Antivirus and Antimalware products.
o Restrict use of flash drives.
o Scan Email Attachments.

What is an Antivirus?

o Anti-virus software is used to protect a computer from malware.
o Antiviruses detect malware by signatures i.e a pattern of data that is known to be related to already identified malware.
o Antiviruses can also use Heuristic methods i.e predicting a file is malicious by studying its behavior.
o Sandbox Testing - the file is allowed to run in a controlled virtual system to see what it does.
o Can result in a false positive - a legit program classified as malware.
o Polymorphic virus - A virus that morphs or changes its code making it very difficult to be detected.

Antivirus Operations

o On Access Scanning - The antivirus checks every file or program that is opened.
o Full System Scan
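
The signature, heuristic/sandbox and false-positive ideas above, as an added example that is not part of the original slides. The sample bytes, signature names and behaviour weights are constructed for the demo, and the "sandbox" is modelled as a list of behaviours observed during a run rather than real execution:

```python
import hashlib

# Constructed demo sample standing in for a known malicious file; the marker bytes
# play the role of the code pattern an antivirus vendor extracts as a signature.
MARKER = b"DEMO-MALICIOUS-MARKER"
KNOWN_SAMPLE = b"MZ" + b"\x00" * 8 + MARKER + b"\x00" * 8

# Signature database (constructed): one byte pattern and one whole-file hash.
PATTERN_SIGNATURES = {"Demo.Marker.A": MARKER}
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Marker.A"}

# Behaviour weights for the heuristic/sandbox check (constructed for the demo).
SUSPICIOUS_BEHAVIOURS = {
    "writes_to_startup_folder": 3,
    "encrypts_user_documents": 4,
    "deletes_original_files": 2,
    "disables_antivirus": 5,
    "contacts_unknown_host": 2,
}
VERDICT_THRESHOLD = 6


def signature_scan(data: bytes):
    """Signature detection: return the signature name on a hash or pattern hit."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def polymorphic_variant(data: bytes, key: int) -> bytes:
    """Model a polymorphic copy: the same content re-encoded with a different key,
    so the byte pattern the signature relies on no longer appears verbatim."""
    return bytes(b ^ key for b in data)


def heuristic_scan(observed_behaviours):
    """Heuristic/sandbox detection: score what the file did when run in isolation.
    The behaviour list stands in for the sandbox's event log."""
    score = sum(SUSPICIOUS_BEHAVIOURS.get(b, 0) for b in observed_behaviours)
    return ("malicious" if score >= VERDICT_THRESHOLD else "clean"), score


if __name__ == "__main__":
    # 1. The known sample is caught by its signature.
    print("known sample:", signature_scan(KNOWN_SAMPLE))
    # 2. A polymorphic variant slips past the signature...
    variant = polymorphic_variant(KNOWN_SAMPLE, 0x5A)
    print("polymorphic variant:", signature_scan(variant))
    # ...but its behaviour in the sandbox (constructed event list) still flags it.
    print("variant behaviour:", heuristic_scan(
        ["encrypts_user_documents", "deletes_original_files", "disables_antivirus"]))
    # 3. False positive: a legitimate backup tool that encrypts files and removes
    #    the originals scores above the threshold too.
    print("backup tool:", heuristic_scan(["encrypts_user_documents", "deletes_original_files"]))
```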

Rootkits

1. Kernel Level - They have the highest privilege and can inject code in the core of the OS.
2. Application Level - Can modify the behavior of existing applications.
3. Library Level - Can hook, patch or replace system calls with malicious code to hide its presence.
4. Hypervisor Level - They target the boot sequence and load themselves as a hypervisor.
5. Firmware Level - Overwrite the BIOS of the PC. Allows the rootkit to install and hide malware.

Signs of infection:

o Antimalware doesn't work anymore.
o Windows settings change e.g pinned items changing, background images.
o Frozen input devices like mouse and keyboard.
o High network usage on idle computers.


Ransomware

(screenshot of a ransomware note: "YOUR PERSONAL FILES ARE ENCRYPTED")
Infection Methods

o Email Attachments - Infectious links or attachments are sent via an email from the attacker to the victim.
o Exploits - Attacker takes advantage of bugs and unpatched vulnerabilities on a PC.

o The public release of private information about an individual or company.
o The attacker threatens to release sensitive info unless the victim pays up.
o Potentially more effective than traditional ransomware attacks.

Prevention Methods

o Email Attachments - Never Open suspicious attachments or links sent via email.
o Exploits - Always update and patch whenever possible.
o Malware - Install antimalware software.
o Backups - This won't prevent attacks but will reduce the severity of a successful attack.
o Websites - Say no to porn websites
Backups, Storage, The Cloud & Encryption

The Cloud

o Storing & accessing files & data on the internet rather than a local hard drive.
o Data should be accessible anywhere & anytime with an internet connection.
o Web based apps - office online.
o The word "cloud" is a metaphor for the internet.

o Google Drive
o iCloud
o Amazon Web Services
o Dropbox (hybrid)

Cloud Arguments

o Control, privacy and trust issues
o Outages and lack of access
o Ownership - who owns the data?

Best Practices

o Never store sensitive data e.g medical records in the cloud
o Store music, videos and regular files.
o Use more than one.
What does Encryption protect you against?

o Physical theft
o If your device is seized
o Repairs
o Data alteration

What doesn't Encryption protect you against?

o Malware & Rootkits
o Cold Boot Attack
o After decryption, the key can be gotten from memory.
o Files backed up to an unencrypted location are vulnerable.

Encryption Attacks

Rootkits & Bootkits

o Rootkits have equal or more privileges than the operating system.
o Application level rootkits can bypass encryption.
o Secure boot process can be used to prevent this attack.
Brute Force Attacks

o The process of trying millions of passwords until the right one is found.
o Fairly easy to combat with complex passwords and account lockouts.

Direct Memory Access Attack

o A second PC running a memory scanning tool is connected to the target PC through the DMA port e.g thunderbolt.
o Once connected, the software scans the memory and uncovers the encryption key.
o The encryption key can then be used to decrypt the hard drive.
o Vulnerable ports can be disabled.

Hiberfil.sys Attack

o hiberfil.sys is the Windows hibernation file which contains a snapshot of the system memory when the system hibernates.
o Tools exist that can be used to scan the file for the encryption keys.
o By default, Windows is designed to be secure against this attack because the hiberfil.sys file is stored within the encrypted container.

Memory Remanence Attack

o Cold boot attack
o Memory chips don't immediately lose their power when a PC is turned off.
o An attacker with physical access to the memory chips can read the encryption key.
o Freeze the PC's memory. For example, an attacker can freeze the memory to -50°C by spraying it with aerosol air duster spray.
o Restart the PC.
o Instead of restarting Windows, boot to another operating system. Typically, this is done by connecting a bootable flash drive or loading a bootable DVD.
o The bootable media loads the memory remanence attack tools, which the attacker uses to scan the system memory and locate the encryption keys.
o The attacker uses the encryption keys to access the drive's data.
Social Engineering - Scams, Cons, Tricks & Fraud

Social Engineering

o The art of gaining unauthorized access to buildings & systems through the exploitation of human psychology.
o Targets the weakest link in a security model/system - the human element.
o The term was popularized by Kevin Mitnick.

Types of SE Attacks

o Phishing
o Vishing
o Smishing
o Sextortion
o Insider
o Phony recruiters

Vishing

o Attacker calls the target and pretends to be from Microsoft or from the target's company.
o Attacker claims the victim's computer has been infected with malware and has the solution.
o Attacker directs the victim to perform certain operations on the computer in order to grant the attacker access.
Smishing

o Attackers use text messages.
o The text will contain either a link or a phone number that can be used to lure the victim.

Sextortion

o Attacker poses as a potential sex partner and lures the victim to share compromising videos or pictures.
o The videos/photos are then used to blackmail the victim.
o Senior officials or top executives are often targets.

Insider

o Attacker infiltrates a company through a job offer or connects with a disgruntled employee of the target company.

Phony Recruiters

o Attacker pretends to be a headhunter and lures the victim to provide confidential data.
o Attackers can get enough data to figure out who to attack in the company.

Prevention

o Vigilance
o Training

The World of Electronic Mail - Dangers, Attacks & Protection
Receiving Email Ports & Protocols

o IMAP port 143 (unencrypted)
o POP port 110 (unencrypted)
o IMAP port 993 (SSL/TLS encrypted)
o POP port 995 (SSL/TLS encrypted)

o IMAP (Internet Message Access Protocol) - emails are synced between the mail client and the mail server. Less secure but more convenient.
o POP (Post Office Protocol) - emails are stored only on the client. More secure but less convenient.

Sending Email Ports & Protocols

o SMTP port 25 (unencrypted)
o SMTP port 465 (SSL/TLS encrypted)
o STARTTLS port 587 (SSL/TLS encrypted)

o SMTP (Simple Message Transfer Protocol)
o STARTTLS - can turn an insecure connection to a secure one.
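
The STARTTLS upgrade on port 587 as a simulated client/server exchange, added here as an example that is not from the original slides: there is no network and no real TLS handshake, and FakeSmtpServer, the host names and the credentials are constructed. The client withholds its credentials unless the server both offers and accepts STARTTLS, which is what stops a session that was never upgraded (or had the STARTTLS offer stripped) from carrying the login in plaintext:

```python
import base64

# Port-to-mode table from the slide; every other name here is a constructed helper.
SMTP_PORT_MODES = {25: "plaintext", 465: "implicit TLS", 587: "STARTTLS upgrade"}


class FakeSmtpServer:
    """Constructed stand-in for a mail server (no network, no real TLS handshake).
    It advertises STARTTLS in its EHLO reply only when supports_starttls is True."""

    def __init__(self, supports_starttls: bool):
        self.supports_starttls = supports_starttls
        self.tls_active = False

    def handle(self, command: str) -> str:
        verb = command.split(" ", 1)[0].upper()
        if verb == "EHLO":
            lines = ["250-mail.example.test Hello"]
            if self.supports_starttls and not self.tls_active:
                lines.append("250-STARTTLS")  # offered only on the plaintext leg
            lines.append("250 AUTH PLAIN LOGIN")
            return "\r\n".join(lines)
        if verb == "STARTTLS":
            if not self.supports_starttls:
                return "454 TLS not available"
            self.tls_active = True  # from here on the traffic is inside TLS
            return "220 Ready to start TLS"
        if verb == "AUTH":
            return "235 Authentication successful"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Unrecognized command"


def submit_with_starttls(server, username: str, password: str, transcript: list):
    """Client side of the port 587 exchange. Credentials are only ever sent after the
    220 reply to STARTTLS, so a session that stays in plaintext never receives them.
    Returns (authenticated, reason) and appends each ("C"/"S", line) to transcript."""

    def send(cmd: str) -> str:
        reply = server.handle(cmd)
        transcript.append(("C", cmd))
        transcript.append(("S", reply))
        return reply

    if "250-STARTTLS" not in send("EHLO client.example.test").split("\r\n"):
        send("QUIT")
        return False, "STARTTLS not offered; refusing to authenticate in plaintext"
    if not send("STARTTLS").startswith("220"):
        send("QUIT")
        return False, "TLS upgrade refused; refusing to authenticate in plaintext"
    # A real client performs the TLS handshake here, then repeats EHLO inside the tunnel.
    send("EHLO client.example.test")
    creds = base64.b64encode(f"\0{username}\0{password}".encode()).decode()
    send(f"AUTH PLAIN {creds}")
    send("QUIT")
    return True, "authenticated inside the TLS session"


if __name__ == "__main__":
    for supported in (True, False):
        log = []
        print(submit_with_starttls(FakeSmtpServer(supported), "alice", "s3cret", log))
        for side, line in log:
            print(f"  {side}: {line}")
```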

Phishing

o Attacker masquerades as a reputable person or company in an email (spoofing).
o Emails contain malicious links or attachments that can be used to extract data e.g passwords, CC details, etc.
o Target emails are gotten through reconnaissance methods.
o Phishing campaigns are often built around popular events or breaking news.

The CEO Wire Fraud Attack

o Attacker sends an email "spoofed" to look like it was sent by top ranking executives and asks to have funds transferred to a financial institution.

Prevention

o Never download attachments or click on links from unknown sources.
o It's okay to open phishing emails.
o Double check before transferring funds.
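
The spoofing signs behind the phishing and CEO wire fraud slides above (an executive's display name on an outside address, a look-alike domain, a Reply-To or Return-Path that does not match the visible sender, and payment urgency wording) checked over constructed messages, as an added example that is not from the original slides. TRUSTED_DOMAINS, EXECUTIVE_NAMES, the homoglyph map and both sample emails are assumptions made up for the demo:

```python
from email import message_from_string
from email.utils import parseaddr

# Everything below (domains, names, wording, both messages) is constructed for the demo.
TRUSTED_DOMAINS = {"example-corp.test"}
EXECUTIVE_NAMES = {"jane doe", "jane doe (ceo)"}
URGENCY_TERMS = ("wire transfer", "urgent", "confidential", "cannot talk")
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def looks_like_trusted(domain: str) -> bool:
    """True for a look-alike: not trusted, but trusted once digit-for-letter
    substitutions (examp1e -> example, rn -> m) are undone."""
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m")
    return domain not in TRUSTED_DOMAINS and normalised in TRUSTED_DOMAINS


def spoof_indicators(raw_message: str) -> list:
    """Return the spoofing indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_domain = domain_of(from_addr)
    findings = []
    # An executive's display name in front of an address the company does not control.
    if from_name.lower() in EXECUTIVE_NAMES and from_domain not in TRUSTED_DOMAINS:
        findings.append("exec-name-untrusted-domain")
    if looks_like_trusted(from_domain):
        findings.append("lookalike-domain")
    # Replies quietly redirected to a mailbox other than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-mismatch")
    # Envelope (bounce) sender does not match the visible From domain.
    if return_path and domain_of(return_path) != from_domain:
        findings.append("return-path-mismatch")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in URGENCY_TERMS):
        findings.append("urgency-language")
    return findings


PHISHING_SAMPLE = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e-corp.test>
Reply-To: <ceo.office@freemail.test>
Return-Path: <bounce@freemail.test>
To: accounts@example-corp.test
Subject: URGENT wire transfer - confidential

Please move the funds to the new supplier account today; I am in a meeting and cannot talk.
"""

LEGITIMATE_SAMPLE = """\
From: "Jane Doe" <jane.doe@example-corp.test>
Subject: Q3 planning meeting

Please send me the updated forecast when you have a moment.
"""

if __name__ == "__main__":
    print("phishing sample:  ", spoof_indicators(PHISHING_SAMPLE))
    print("legitimate sample:", spoof_indicators(LEGITIMATE_SAMPLE))
```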

USEFUL LINKS

o https://www.labcyber.com/
o https://www.linkedin.com/in/alexanderoni/
o https://www.linkedin.com/company/lab-cyber/
o https://www.youtube.com/channel/UCfYIZcXn7mrlucP8vPbbbXg
o https://www.howtogeek.com/115483/htg-explains-learn-how-websites-are-tracking-you-online/
o https://www.techradar.com/news/us-uk-investigating-facebooks-role-in-cambridge-analytica-data-breach
o https://pastebin.com/TB4ifihx
o https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process
o https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview
o https://www.computerweekly.com/feature/Self-encrypting-drives-SED-the-best-kept-secret-in-hard-drive-encryption-security
o https://www.youtube.com/watch?v=F78UqdORII-Q
o https://www.csoonline.com/article/2123704/social-engineering--anatomy-of-a-hack.html
